apache
Airflow graceful loading for plugins for users without read permissions
Fixes: #51299 - Impossible to load UI if user does not have read permissions on plugins
Summary
This PR ensures the Airflow UI loads gracefully for authenticated users who do not have read permissions on plugins.
Details
- Refactored
routes/ui/config.pyto safely handle cases whereplugins_manager.flask_appbuilder_menu_linksisNone, preventing 403 errors from blocking the UI. - Adjusted import order for clarity and maintainability.
- The UI now loads extra plugin menu items from a new
plugins_extra_menu_itemsattribute in the UI config endpoint, so all authenticated users can see them, regardless of direct plugin permissions. - The UI no longer calls the
public/providersendpoint for these menu items. - Fixes failing CI pipeline and other tests.
Context
Previously, users without read permissions on plugins would receive a 403 Forbidden error, causing the entire UI to fail rendering. With this fix, the UI continues to render and display default elements, and plugin menu items are provided in a way accessible to all authenticated users.
Closes #51299.
@pierrejeambrun I had to create a new PR as I rebased by mistake while shifting between dev environments but this one shouldn't require anything to be done hopefully.
@tanujdargan , I created a new user with the "Viewer" role, and when I log in, I still see 403 errors with your changes:
@rawwar You were right about the 403 error still being there I've gone ahead and pushed an update for that, should be all good now!
It makes more sense to start this from scratch since most of the stuff would need to be redone and I would have a lot of unnecessary conflicts.
@tanujdargan Thanks for you message, I'm not sure starting over would be the fastest way, do you plan to open a new PR with the updates?
I partially started over, it was more efficient since I had a lot of merge conflicts some of which couldn't be resolved. I've raised a new PR here: https://github.com/apache/airflow/pull/52408